Compliance
Companies have different requirements that they need for regulating internal and external identities' access to company resources. On the one hand, rule checks are used for locating rule violations and on the other hand, to prevent them. By using these rules, you can demonstrate compliance with legislated regulations such as the Sarbanes-Oxley Act (SOX). The following demands are made on compliance:
-
Compliance rules define what an employee is entitled to do or not do. For example, an identity may not have both entitlements A and B at the same time.
-
Company policies are very flexible, and can be defined for any company resources you are managing with Manager. For example, a policy might only allow identities from a certain department to own a certain entitlement.
-
Each item that an identity access can be given a risk value. A risk index can be calculated for identities, accounts, organization, roles, and for the groups of resources available for request. You can then use the risk indexes to help prioritize your compliance activities.
Some rules are preventative. For example, a request will not be processed if it violates the rules, unless exception approval is explicitly granted and an approver allows it. Compliance rules (if appropriate) and company policies are run on a regular schedule and violations appear in the identity’s Web Portal to be dealt with there. Company policies can contribute to mitigation control by reducing risk. For example, if risks are posed by identities running processes outside the One Identity Manager solution and causing violations. Reports and dashboards provide you with comprehensive compliance information
Displaying compliance rules and rule violations
You can see an overview of the compliance rules and corresponding rule violations in the Web Portal. This information can help to determine gaps in your security or compliance policies and to develop attestation policies or mitigating controls. Mitigating controls are processes existing outside the One Identity Manager solution and reduce the risk of violation.
To display an overview of compliance rules and rule violations
-
In the menu bar, click Compliance > Compliance rules.
This opens the Compliance rules page.
-
(Optional) To further limit or extend which compliance rules are displayed, click 
(Filter) and in the context menu, under Status, select one of the following filters:
TIP: To view all compliance rules, clear the filter. To do this, click Clear filters on the context menu.
-
(Optional) To view more details of a compliance rule, click Details next to the compliance rule.
Displaying reports about compliance rules and rule violations
You can generate reports that describe the rule violations exactly. These reports contain a risk assessment for you to use for prioritizing violations and on which to base subsequent planning. The reduced risk index takes into account many risk factors that arise from violations and represents the risk as a value between 0 (no risk) and 1 (high risk).
To display a report about a compliance rule and its rule violations
-
In the menu bar, click Compliance > Compliance rules.
-
(Optional) To further limit or extend which compliance rules are displayed, on the Compliance Rules page, click (Filter) and in the context menu, under Status, select one of the following filters:
TIP: To view all compliance rules, clear the filter. To do this, click Clear filters on the context menu.
-
Click Details next to the compliance rule whose report you want to see.
-
In the View Compliance Rule Details pane, click Download report.
Responsibilities
In One Identity Manager, identities have responsibilities for various objects. In the Web Portal, you can perform a number of actions on these responsibilities and obtain information about them.
Detailed information about this topic
